VPN connection ( Branch office access internet from HQ)

rechard_david · ‎10-12-2009

Dear All Expert,

I would like to ask all of you...

I had connection VPN HQ to branch already( i mean it is working) but the branch it cannot access internet so i would like to allow all the branch office access internet from my HQ. but at my HQ i had other one ASA for internet ,so i don't now how to allow or route ....?

Please help me to solve this issue..please kindly see in the attach file.

Hope all of you reply to me soon :)

Best Regards,

Giuseppe Larosa · ‎10-13-2009

Hello David,

configuration of ASA connecting to the internet has to be updated so that:

it knows that remote site IP subnet(s) are reachable via 10.2.2.1

this can be a static route using the interface where net 10.2.2.0 is defined.

(inside or DMZ or other name)

AND

it provides NAT services for clients in remote site IP subnet(s).

the ASA has to translate their source ip addresses to allow access to public internet.

This should mean a change in an ACL that defines NAT or similar activity.

see

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1067863

Hope to help

Giuseppe

rechard_david · ‎10-13-2009

Dear Giuseppe and Expert,

thank you for your reply,

could you help to edit my configuration on the attach file.

So, in the attach file the VPN site to site is working and internet ASA is working also,

i would like to u help me as below:

1- At HQ if the client assign gateway 10.2.2.2 the client can access internet but cannot access to Branch by VPN?

2- The Branch Cannot access internet? I mean the HQ provide Intenet to branch)

Best Regards,

REchard

rechard_david · ‎10-15-2009

Dear All,

Do you have any update?

Best Regards,

Rechard